You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When creating a role in the Admin UI, the channel for the permissions can be empty. If no channel is selected, no permissions will be applied, therefore all @Allow() auth guards will deny access, even if the role has the correct permission
To Reproduce
Steps to reproduce the behavior:
Open the Admin UI
Click on Settings > Roles
Check the Channel input, it is allowed to be empty.
Create a role without a channel, assign it the correct permissions and to a user
Try to access a protected Query
Expected behavior
The channel selection input should not allow empty values and the Admin API might want to require the channel as well. That would prevent an empty channel to be set, therefore, permissions will always work as expected
Environment (please complete the following information):
@vendure/core version: 2.1.8
Nodejs version: v18.19.1
Database (mysql/postgres etc): postgres
The text was updated successfully, but these errors were encountered:
Describe the bug
When creating a role in the Admin UI, the channel for the permissions can be empty. If no channel is selected, no permissions will be applied, therefore all
@Allow()
auth guards will deny access, even if the role has the correct permissionTo Reproduce
Steps to reproduce the behavior:
Expected behavior
The channel selection input should not allow empty values and the Admin API might want to require the channel as well. That would prevent an empty channel to be set, therefore, permissions will always work as expected
Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: